REST API Reference
v1.15.0 · 74 endpoints · 15 resource groups
REST API for the free Webhook Actions WordPress plugin — Pro features require a Pro license.
/ Authentication
Base URL
https://your-site.com/wp-json/fswa/v1Pass an API token via any of these three methods:
X-FSWA-Token header
X-FSWA-Token: <your-token> Recommended. Keeps the token out of server logs and URLs.
Authorization: Bearer
Authorization: Bearer <your-token> Standard Bearer token format, compatible with most HTTP clients.
Query parameter
?api_token=<your-token> Convenient for quick browser testing or webhook callbacks.
Token Scopes
read GET endpoints — list, get, stats, health, triggers, schemas.
operational Read + toggle webhooks, retry/replay logs, execute queue jobs.
full Operational + create, update, delete. Reveals stored auth secrets. Token management requires WordPress admin session.
agent Same write access as full, but can never reveal a webhook's auth_header or any Credentials Vault secret. Intended for AI assistants.
Webhooks
8 endpointsCreate and manage webhook endpoints.
/webhooks +List webhooks
Returns all webhooks. Requires `read` scope or admin session.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| only_enabled | query | boolean | — | default: false |
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/webhooks" \ -H "X-FSWA-Token: your-token"
/webhooks +Create a webhook
Creates a new webhook. Requires `full` scope or admin session.
Auth Required
Request Body · required
HTTP method used for delivery. GET and DELETE send no body — configure `url_params` to pass payload data as query parameters.
Extra request headers. Values support dot-notation paths into the outgoing payload or literal strings.
Dot-path (e.g. `event.id`) or static string.
Query parameters appended to the URL. Required for GET/DELETE to carry payload data.
Dot-path (e.g. `order.id`) or static string.
When true, the webhook fires inline during the WordPress request that triggered it, bypassing the queue for the first attempt. Retryable failures fall back to the async queue starting at attempt 1.
ID of a Credentials Vault entry to use for authorization. Takes precedence over `auth_header`. Set null to clear.
Responses
{
"id": 1,
"webhook_uuid": "550e8400-e29b-41d4-a716-446655440000",
"name": "Order to n8n",
"endpoint_url": "https://n8n.example.com/webhook/abc123",
"auth_header": "Bearer secret123",
"http_method": "GET"
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/webhooks" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "Order to n8n",
"endpoint_url": "https://n8n.example.com/webhook/abc123",
"auth_header": "Bearer secret123",
"http_method": "GET",
"custom_headers": ""
}' /webhooks/{id} +Get a webhook
Requires `read` scope or admin session.
Auth Required
Responses
{
"id": 1,
"webhook_uuid": "550e8400-e29b-41d4-a716-446655440000",
"name": "Order to n8n",
"endpoint_url": "https://n8n.example.com/webhook/abc123",
"auth_header": "Bearer secret123",
"http_method": "GET"
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/webhooks/id" \ -H "X-FSWA-Token: your-token"
/webhooks/{id} +Update a webhook
Updates a webhook. All fields are optional. Requires `full` scope or admin session.
Auth Required
Request Body · optional
HTTP method used for delivery. GET and DELETE send no body — configure `url_params` to pass payload data as query parameters.
Extra request headers. Values support dot-notation paths into the outgoing payload or literal strings.
Dot-path (e.g. `event.id`) or static string.
Query parameters appended to the URL. Required for GET/DELETE to carry payload data.
Dot-path (e.g. `order.id`) or static string.
When true, the webhook fires inline during the WordPress request that triggered it, bypassing the queue for the first attempt. Retryable failures fall back to the async queue starting at attempt 1.
ID of a Credentials Vault entry to use for authorization. Takes precedence over `auth_header`. Set null to clear.
Responses
{
"id": 1,
"webhook_uuid": "550e8400-e29b-41d4-a716-446655440000",
"name": "Order to n8n",
"endpoint_url": "https://n8n.example.com/webhook/abc123",
"auth_header": "Bearer secret123",
"http_method": "GET"
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X PATCH "https://your-site.com/wp-json/fswa/v1/webhooks/id" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "Order to n8n",
"endpoint_url": "https://n8n.example.com/webhook/abc123",
"auth_header": "Bearer secret123",
"http_method": "GET",
"custom_headers": ""
}' /webhooks/{id} +Delete a webhook
Requires `full` scope or admin session.
Auth Required
Responses
{
"deleted": true,
"id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/webhooks/id" \ -H "X-FSWA-Token: your-token"
/webhooks/{id}/toggle +Toggle webhook on/off
Flips the `is_enabled` flag. Requires `operational` scope or admin session.
Auth Required
Responses
{
"id": 1,
"webhook_uuid": "550e8400-e29b-41d4-a716-446655440000",
"name": "Order to n8n",
"endpoint_url": "https://n8n.example.com/webhook/abc123",
"auth_header": "Bearer secret123",
"http_method": "GET"
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/webhooks/id/toggle" \ -H "X-FSWA-Token: your-token"
/webhooks/{webhook_id}/logs +List logs for a specific webhook
Returns paginated delivery logs scoped to a single webhook. Requires `read` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| page | query | integer | — | default: 1 |
| per_page | query | integer | — | default: 20 |
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/webhooks/webhook_id/logs" \ -H "X-FSWA-Token: your-token"
/webhooks/{id}/test +Send a test delivery
Fires a test delivery for a webhook. The webhook must have at least one trigger configured. Requires `full` scope or admin session. **Payload sources:** - `captured` — the raw captured example payload for the trigger (no mapping applied) - `mapped` — captured payload with field mapping applied - `pre_glue` — mapped payload with the pre-dispatch Code Glue snippet applied (Pro) - `full_glue` — same as `pre_glue`; post-dispatch snippet also runs after delivery (Pro) - `custom` — supply an arbitrary payload via the `payload` field **Modes:** - `now` — runs synchronously, returns the full log entry immediately - `queue` — enqueues the job and returns the job ID
Auth Required
Request Body · required
Trigger name to test. Defaults to the first configured trigger if omitted.
Where to source the test payload from.
Custom payload. Required when `payload_source` is `custom`.
objectCustom payload. Required when `payload_source` is `custom`.
`now` returns the result immediately; `queue` enqueues for async processing.
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/webhooks/id/test" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"trigger": "woocommerce_order_status_completed",
"payload_source": "captured",
"payload": "",
"mode": "now"
}' Logs
8 endpointsView delivery logs, retry failures, and replay events.
/logs +List delivery logs
Returns paginated webhook delivery logs. Requires `read` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| page | query | integer | — | default: 1 |
| per_page | query | integer | — | default: 20 |
| status | query | string | — | success | error | retry | pending | permanently_failed | test | skipped |
| webhook_id | query | integer | — | |
| trigger_name | query | string | — | |
| webhook_uuid | query | string | — | Filter by webhook UUID / `X-Webhook-Id` value (partial match). |
| event_uuid | query | string | — | Filter by event UUID (exact match). |
| target_url | query | string | — | Filter by target URL (partial match). |
| date_from | query | string | — | Filter from this UTC datetime (format: `YYYY-MM-DD HH:MM:SS`). |
| date_to | query | string | — | Filter until this UTC datetime (format: `YYYY-MM-DD HH:MM:SS`). |
| chain_id | query | integer | — | Filter to entries triggered by any link in this chain (resolves to the chain's synthetic fswa_chain_link:N trigger names). |
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/logs" \ -H "X-FSWA-Token: your-token"
/logs +Bulk delete logs
Deletes all log entries older than the specified number of days. Requires `full` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| older_than_days | query | integer | yes |
Responses
{
"deleted": 0,
"older_than": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/logs" \ -H "X-FSWA-Token: your-token"
/logs/stats +Delivery statistics
Returns delivery statistics for the specified period. Requires `read` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| days | query | integer | — | default: 7 |
| webhook_id | query | integer | — |
Responses
{
"total": 0,
"success": 0,
"error": 0,
"retry": 0,
"pending": 0,
"permanently_failed": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/logs/stats" \ -H "X-FSWA-Token: your-token"
/logs/bulk-retry +Bulk retry failed logs
Resets the associated queue jobs for multiple failed log entries so they will be retried. Requires `operational` scope.
Auth Required
Request Body · required
Array of log IDs to retry.
Responses
{
"retried": 0,
"skipped": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/logs/bulk-retry" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"ids": ""
}' /logs/{id} +Get a log entry
Requires `read` scope.
Auth Required
Responses
{
"id": 0,
"webhook_id": 0,
"webhook_uuid": null,
"trigger_name": "woocommerce_order_status_completed",
"event_uuid": "550e8400-e29b-41d4-a716-446655440000",
"event_timestamp": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/logs/id" \ -H "X-FSWA-Token: your-token"
/logs/{id} +Delete a log entry
Requires `full` scope.
Auth Required
Responses
{
"deleted": true,
"id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/logs/id" \ -H "X-FSWA-Token: your-token"
/logs/{id}/retry +Retry a failed log
Resets the queue job linked to a failed log entry so it will be retried on the next cron run. Only `error` or `permanently_failed` logs can be retried. Requires `operational` scope.
Auth Required
Responses
{
"success": false,
"job_id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/logs/id/retry" \ -H "X-FSWA-Token: your-token"
/logs/{id}/replay +Replay a successful log
Creates a new queue job using the original payload from a successful log entry. The replay reuses the existing log entry (new attempt added to the attempt history). Only `success` logs can be replayed. Requires `operational` scope.
Auth Required
Responses
{
"success": false,
"job_id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/logs/id/replay" \ -H "X-FSWA-Token: your-token"
Queue
5 endpointsInspect and control the delivery queue.
/queue +List queue jobs
Returns paginated queue jobs. Requires `read` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| page | query | integer | — | default: 1 |
| per_page | query | integer | — | default: 20 |
| status | query | string | — | pending | processing | completed | failed | permanently_failed |
| webhook_id | query | integer | — | |
| webhook_uuid | query | string | — | Filter by webhook UUID / `X-Webhook-Id` value (partial match). |
| event_uuid | query | string | — | Filter by event UUID (exact match). |
| target_url | query | string | — | Filter by target URL (partial match). |
| date_from | query | string | — | Filter from this UTC datetime (format: `YYYY-MM-DD HH:MM:SS`). |
| date_to | query | string | — | Filter until this UTC datetime (format: `YYYY-MM-DD HH:MM:SS`). |
| chain_id | query | integer | — | Filter to entries triggered by any link in this chain (resolves to the chain's synthetic fswa_chain_link:N trigger names). |
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/queue" \ -H "X-FSWA-Token: your-token"
/queue/stats +Queue statistics
Returns current queue counts by status. Requires `read` scope.
Auth Required
Responses
{
"total": 0,
"pending": 0,
"processing": 0,
"completed": 0,
"permanently_failed": 0,
"due_now": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/queue/stats" \ -H "X-FSWA-Token: your-token"
/queue/execute +Execute a queue job immediately
Locks and executes a specific pending job immediately, bypassing the scheduled cron run. Requires `operational` scope.
Auth Required
Request Body · required
Queue job ID.
Responses
{
"success": false,
"rescheduled": false,
"permanently_failed": false,
"message": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/queue/execute" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"id": 0
}' /queue/retry +Reset and retry a failed queue job
Resets a `permanently_failed` or `pending` job to be retried. Requires `operational` scope.
Auth Required
Request Body · required
Responses
{
"success": true,
"message": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/queue/retry" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"id": 0
}' /queue/delete +Delete a queue job
Permanently removes a queue job. Cannot delete a job that is currently processing. Requires `full` scope.
Auth Required
Request Body · required
Responses
{
"success": true,
"message": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/queue/delete" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"id": 0
}' Health
1 endpointSystem health and delivery statistics.
/health +System health and statistics
Returns aggregate delivery stats, queue health, velocity metrics, and observability indicators. Requires `read` scope.
Auth Required
Responses
{
"success_rate": 98.5,
"has_data": false,
"webhooks": null,
"logs": null,
"queue": null,
"velocity": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/health" \ -H "X-FSWA-Token: your-token"
Triggers
1 endpointBrowse available WordPress action triggers.
/triggers +List available triggers
Returns suggested triggers plus all currently registered WordPress hooks (excluding internal/UI hooks). Requires `read` scope.
Auth Required
Responses
{
"triggers": [],
"grouped": null,
"categories": null,
"allowCustom": false
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/triggers" \ -H "X-FSWA-Token: your-token"
Schemas
6 endpointsConfigure payload mapping for webhook/trigger pairs.
/schemas/webhook/{id} +List payload schemas for a webhook
Returns all stored payload schemas (one per trigger) for the given webhook. Requires `read` scope.
Auth Required
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/schemas/webhook/id" \ -H "X-FSWA-Token: your-token"
/schemas/webhook/{id}/trigger/{trigger} +Get payload schema
Returns the payload schema for a specific webhook/trigger pair. Returns an empty schema structure if none has been configured. Requires `read` scope.
Auth Required
Responses
{
"id": 0,
"webhook_id": 0,
"trigger_name": null,
"example_payload": null,
"field_mapping": null,
"conditions": {
"enabled": true,
"type": "and",
"rules": [
{
"field": "args.0.form_id",
"operator": "equals",
"value": "1",
"cast": "number"
},
{
"type": "group",
"match": "or",
"rules": [
{
"field": "args.0.4",
"operator": "equals",
"value": "sales"
},
{
"field": "args.0.4",
"operator": "equals",
"value": "support"
}
]
}
]
}
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/schemas/webhook/id/trigger/trigger" \ -H "X-FSWA-Token: your-token"
/schemas/webhook/{id}/trigger/{trigger} +Update payload schema
Creates or updates the payload schema for a webhook/trigger pair. Requires `full` scope.
Auth Required
Request Body · optional
Field mapping configuration. Use `mappings` to extract and rename individual fields from the raw hook payload using dot-notation paths. Use `excluded` to drop top-level keys from the output. Set `includeUnmapped` to `true` to pass through any fields not covered by `mappings` or `excluded`.
Dot-notation path into the raw payload (e.g. `args.0.1`, `args.0.ip`).
Dot-notation path for the key in the outgoing payload (e.g. `name`, `user_ip`, `data.tel`).
Optional type cast applied to the extracted value before mapping. Use `stringify` to JSON-encode arrays or objects into a string.
Top-level keys to drop from the output after mapping (e.g. `["args"]`).
Pass through top-level fields not covered by mappings or excluded.
Whether to auto-include WordPress user data for user-related triggers.
Conditional delivery rules. Pass `null` to remove. Free tier supports at most 1 simple rule; condition groups require Pro.
Match type. Free tier is locked to `and`.
Responses
{
"id": 0,
"webhook_id": 0,
"trigger_name": null,
"example_payload": null,
"field_mapping": null,
"conditions": {
"enabled": true,
"type": "and",
"rules": [
{
"field": "args.0.form_id",
"operator": "equals",
"value": "1",
"cast": "number"
},
{
"type": "group",
"match": "or",
"rules": [
{
"field": "args.0.4",
"operator": "equals",
"value": "sales"
},
{
"field": "args.0.4",
"operator": "equals",
"value": "support"
}
]
}
]
}
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X PUT "https://your-site.com/wp-json/fswa/v1/schemas/webhook/id/trigger/trigger" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"field_mapping": {
"mappings": [
{
"source": "args.0.1",
"target": "name"
},
{
"source": "args.0.2",
"target": "email"
},
{
"source": "args.0.3",
"target": "tel"
},
{
"source": "args.0.4",
"target": "type"
},
{
"source": "args.0.5",
"target": "message"
},
{
"source": "args.0.ip",
"target": "user_ip"
}
],
"excluded": [
"args"
],
"includeUnmapped": true
},
"include_user_data": false,
"conditions": {
"enabled": true,
"type": "and",
"rules": [
{
"field": "order.status",
"operator": "equals",
"value": "completed"
},
{
"field": "order.total",
"operator": "greater_than",
"value": "100",
"cast": "number"
}
]
}
}' /schemas/webhook/{id}/trigger/{trigger} +Delete payload schema
Removes the payload schema for a webhook/trigger pair. Requires `full` scope.
Auth Required
Responses
{
"deleted": false
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/schemas/webhook/id/trigger/trigger" \ -H "X-FSWA-Token: your-token"
/schemas/webhook/{id}/trigger/{trigger}/capture +Reset payload capture
Clears the stored example payload so the next webhook delivery will be captured as the new example. Requires `full` scope.
Auth Required
Responses
{
"reset": false,
"schema": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/schemas/webhook/id/trigger/trigger/capture" \ -H "X-FSWA-Token: your-token"
/schemas/user-triggers +List triggers that support user data enrichment
Returns the list of trigger hook names that support automatic user data enrichment (when `include_user_data` is enabled). Requires `read` scope.
Auth Required
Responses
{
"triggers": [
"user_register",
"profile_update",
"wp_login",
"wp_logout"
]
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/schemas/user-triggers" \ -H "X-FSWA-Token: your-token"
API Tokens
5 endpointsManage API tokens. Requires WordPress admin login — tokens cannot manage themselves on their own.
/tokens +List API tokens
Returns all API tokens (never exposes the token secret). **Requires WordPress admin login.** API tokens cannot access this endpoint.
Auth Required
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/tokens" \ -H "X-FSWA-Token: your-token"
/tokens +Create an API token
Creates a new API token. The plaintext token is returned **once** in the response and cannot be retrieved later. **Requires WordPress admin login.**
Auth Required
Request Body · required
Optional UTC expiry. Omit for no expiry.
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/tokens" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "n8n integration",
"scope": "read",
"expires_at": "2027-01-01 00:00:00"
}' /tokens/{id}/rotate +Rotate an API token
Issues a new token secret while preserving the token's name, scope, and other settings. The old secret is immediately invalidated. The new plaintext token is returned **once**. Optionally update `expires_at` in the same request. **Requires WordPress admin login.**
Auth Required
Request Body · optional
If present, updates the expiry. Pass `null` to remove expiry. Omit to keep the current expiry.
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/tokens/id/rotate" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"expires_at": "2027-06-01 00:00:00"
}' /tokens/{id} +Update token expiry
Updates `expires_at` without rotating the token secret. Pass `null` to remove the expiry. **Requires WordPress admin login.**
Auth Required
Request Body · required
Responses
{
"id": 0,
"name": "n8n integration",
"scope": "read",
"token_hint": "ab12",
"expires_at": null,
"last_used_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X PATCH "https://your-site.com/wp-json/fswa/v1/tokens/id" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"expires_at": "2027-01-01 00:00:00"
}' /tokens/{id} +Delete an API token
Permanently deletes an API token. **Requires WordPress admin login.**
Auth Required
Responses
{
"deleted": true,
"id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/tokens/id" \ -H "X-FSWA-Token: your-token"
Credentials Vault
7 endpointsEncrypted, reusable authentication secrets referenced by webhooks. Secrets are write-only — never returned by the API.
/credentials +List credentials
Lists vault credentials (metadata + masked hint only). Requires `full`/`agent` scope or admin session.
Auth Required
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/credentials" \ -H "X-FSWA-Token: your-token"
/credentials +Create a credential
Creates an encrypted credential. The secret is write-only — the response returns metadata only. Requires `full`/`agent` scope or admin session.
Auth Required
Request Body · required
Required for `api_key`/`custom` (defaults to `Authorization`).
Token/key for bearer, api_key, or custom types.
Username for `basic` type (e.g. WordPress username for an Application Password).
Password/application-password for `basic` type.
Responses
{
"id": 3,
"name": "HubSpot PAT",
"type": "bearer",
"header_name": "X-API-Key",
"hint": "Bearer ****1234",
"created_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/credentials" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "HubSpot PAT",
"type": "bearer",
"header_name": "X-API-Key",
"secret": "sk_live_xxx",
"username": ""
}' /credentials/{id} +Get a credential
Returns credential metadata (no secret).
Auth Required
Responses
{
"id": 3,
"name": "HubSpot PAT",
"type": "bearer",
"header_name": "X-API-Key",
"hint": "Bearer ****1234",
"created_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/credentials/id" \ -H "X-FSWA-Token: your-token"
/credentials/{id} +Update a credential
Updates a credential. Omit secret fields to keep the current value; supplying them re-encrypts. Requires `full`/`agent` scope or admin session.
Auth Required
Request Body · required
Required for `api_key`/`custom` (defaults to `Authorization`).
Token/key for bearer, api_key, or custom types.
Username for `basic` type (e.g. WordPress username for an Application Password).
Password/application-password for `basic` type.
Responses
{
"id": 3,
"name": "HubSpot PAT",
"type": "bearer",
"header_name": "X-API-Key",
"hint": "Bearer ****1234",
"created_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X PUT "https://your-site.com/wp-json/fswa/v1/credentials/id" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "HubSpot PAT",
"type": "bearer",
"header_name": "X-API-Key",
"secret": "sk_live_xxx",
"username": ""
}' /credentials/{id} +Delete a credential
Deletes a credential. Blocked with 409 if any webhook references it, unless `force=true` is passed (which detaches it from those webhooks first).
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| force | query | boolean | — | Detach from referencing webhooks and delete anyway. default: false |
Responses
{
"deleted": false,
"id": 0,
"detached": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/credentials/id" \ -H "X-FSWA-Token: your-token"
/credentials/key-status +Vault encryption-key status
Reports whether the encryption key lives in the database or the `FSWA_SECRET_KEY` constant, and whether a re-encryption migration is needed.
Auth Required
Responses
{
"key_source": "database",
"using_constant": false,
"db_key_present": false,
"fully_protected": false,
"needs_migration": false,
"total": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/credentials/key-status" \ -H "X-FSWA-Token: your-token"
/credentials/reencrypt +Re-encrypt all credentials
Re-wraps every credential with the current primary key. When `FSWA_SECRET_KEY` is in use and all succeed, the database key is deleted so only the wp-config key can decrypt. Requires `full`/`agent` scope or admin session.
Auth Required
Responses
{
"migrated": 0,
"failed": 0,
"failed_ids": [],
"db_key_removed": false
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/credentials/reencrypt" \ -H "X-FSWA-Token: your-token"
Dispatcher
4 endpointsManually process the queue and manage cron configuration. Requires WordPress admin login.
/dispatcher/process +Manually process the queue
Triggers a batch queue processing run immediately. **Requires WordPress admin login.** For automated cron use, use `GET /cron/process` instead.
Auth Required
Request Body · optional
Responses
{
"success": false,
"message": null,
"result": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/dispatcher/process" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"batch_size": 0
}' /cron/process +Cron queue processing endpoint
Processes a batch of due queue jobs. Authenticated via the `token` query parameter (a server-generated secret, not an API token). Designed for use with system cron: ``` */1 * * * * curl -fsS 'https://your-site.com/wp-json/fswa/v1/cron/process?token=SECRET' >/dev/null 2>&1 ``` The cron URL and command are available from `GET /cron/info`.
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| token | query | string | yes | Cron secret token from the plugin settings. |
| batch_size | query | integer | — | default: 10 |
Responses
{
"ok": false,
"processed": 0,
"succeeded": 0,
"failed": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/cron/process" \ -H "X-FSWA-Token: your-token"
/cron/info +Get cron configuration
Returns the cron secret token, the ready-to-use cron URL, and a crontab command for system cron setup. **Requires WordPress admin login.**
Auth Required
Responses
{
"token": null,
"cron_url": null,
"cron_command": "*/1 * * * * curl -fsS 'https://your-site.com/wp-json/fswa/v1/cron/process?token=...' >/dev/null 2>&1",
"last_run": null,
"last_run_human": "5 minutes ago",
"wp_cron_disabled": false
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/cron/info" \ -H "X-FSWA-Token: your-token"
/cron/regenerate-token +Regenerate cron secret
Generates a new cron secret, invalidating the previous one. **Requires WordPress admin login.**
Auth Required
Responses
{
"success": false,
"token": null,
"cron_url": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/cron/regenerate-token" \ -H "X-FSWA-Token: your-token"
Code Glue
Pro 8 endpointsPHP snippet enrichment for webhook payloads — requires the Pro plugin. Snippets run before dispatch (pre) to modify the payload, or after a successful delivery (post) for side-effects. Requires WordPress admin session or a `full`-scope API token.
/pro/snippets +List snippets
Returns all Code Glue snippets, optionally filtered by search term or tags. Requires `read` scope or admin session.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| search | query | string | — | Filter by name or code content (case-insensitive substring match). |
| tags[] | query | array | — | Filter to snippets that have at least one of the given tags. |
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/pro/snippets" \ -H "X-FSWA-Token: your-token"
/pro/snippets +Create a snippet
Creates a new Code Glue snippet. Requires `full` scope or admin session.
Auth Required
Request Body · required
PHP snippet body. No `<?php` tag. Pre-dispatch snippets must return an array.
Responses
{
"id": 0,
"name": "Enrich order payload",
"tags": [
"woocommerce",
"orders"
],
"code": "$payload[\"vat_number\"] = get_user_meta({{ $args.0.ID }}, 'vat_number', true);\nreturn $payload;",
"created_at": null,
"updated_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/pro/snippets" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "Enrich order payload",
"tags": "",
"code": ""
}' /pro/snippets/preview +Preview snippet execution
Executes a code snippet against a given payload and returns the result without saving anything. Safe to call repeatedly during development. Requires `full` scope or admin session. **Pre mode** (`mode=pre`): snippet receives `$payload` and `$args` (`$payload['args'] ?? []`). Must `return $array;` — non-array return leaves payload unchanged. **Post mode** (`mode=post`): snippet receives `$payload`, `$originalPayload`, `$responseCode`, and `$responseBody` from `postContext`. Return value is ignored.
Auth Required
Request Body · required
PHP snippet body to execute.
The payload to run the snippet against.
objectThe payload to run the snippet against.
Execution mode.
Required for `mode=post`. Provides the post-dispatch variables.
Pre-mapping payload. Null if no field mapping was applied.
objectPre-mapping payload. Null if no field mapping was applied.
HTTP status code from the delivery.
Raw response body from the endpoint.
Responses
{
"result": null,
"error": null,
"output": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/pro/snippets/preview" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"code": "",
"payload": "",
"mode": "pre",
"postContext": ""
}' /pro/snippets/{id} +Get a snippet
Requires `read` scope or admin session.
Auth Required
Responses
{
"id": 0,
"name": "Enrich order payload",
"tags": [
"woocommerce",
"orders"
],
"code": "$payload[\"vat_number\"] = get_user_meta({{ $args.0.ID }}, 'vat_number', true);\nreturn $payload;",
"created_at": null,
"updated_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/pro/snippets/id" \ -H "X-FSWA-Token: your-token"
/pro/snippets/{id} +Update a snippet
Partially updates a snippet. Only provided fields are changed — omitting `name` or `tags` leaves them intact. Requires `full` scope or admin session.
Auth Required
Request Body · optional
Responses
{
"id": 0,
"name": "Enrich order payload",
"tags": [
"woocommerce",
"orders"
],
"code": "$payload[\"vat_number\"] = get_user_meta({{ $args.0.ID }}, 'vat_number', true);\nreturn $payload;",
"created_at": null,
"updated_at": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/pro/snippets/id" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "",
"tags": "",
"code": ""
}' /pro/snippets/{id} +Delete a snippet
Deletes a snippet. Existing trigger-snippet assignments that reference this snippet will retain the ID but the snippet field will return null. Requires `full` scope or admin session.
Auth Required
Responses
{
"deleted": false
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/pro/snippets/id" \ -H "X-FSWA-Token: your-token"
/pro/trigger-snippets/{webhook_id}/trigger/{trigger} +Get trigger-snippet assignment
Returns the pre/post snippet assignment for a webhook+trigger pair. Returns a default empty structure (no error) if no assignment has been saved yet. Requires `read` scope or admin session.
Auth Required
Responses
{
"id": 0,
"webhook_id": 0,
"trigger_name": "woocommerce_order_status_completed",
"pre_snippet_id": 0,
"pre_enabled": false,
"pre_snippet": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/pro/trigger-snippets/webhook_id/trigger/trigger" \ -H "X-FSWA-Token: your-token"
/pro/trigger-snippets/{webhook_id}/trigger/{trigger} +Save trigger-snippet assignment
Creates or updates the pre/post snippet assignment for a webhook+trigger pair. Only provided fields are updated (upsert). Requires `full` scope or admin session.
Auth Required
Request Body · required
ID of the snippet to run before dispatch. Pass `null` to clear.
Whether the pre-dispatch snippet is active.
ID of the snippet to run after a successful delivery. Pass `null` to clear.
Whether the post-dispatch snippet is active.
Responses
{
"id": 0,
"webhook_id": 0,
"trigger_name": "woocommerce_order_status_completed",
"pre_snippet_id": 0,
"pre_enabled": false,
"pre_snippet": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/pro/trigger-snippets/webhook_id/trigger/trigger" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"pre_snippet_id": 0,
"pre_enabled": false,
"post_snippet_id": 0,
"post_enabled": false
}' Chains
8 endpointsCompose webhook automations: link the success of one webhook to the dispatch of others.
/chains +List chains
Return all chains with their links and member webhook IDs.
Auth Required
Responses
example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/chains" \ -H "X-FSWA-Token: your-token"
/chains +Create a chain
Create a new (empty) chain. Add source->target edges via /chains/{id}/links.
Auth Required
Request Body · required
Responses
{
"id": 0,
"name": null,
"description": null,
"created_at": null,
"updated_at": null,
"member_webhook_ids": []
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/chains" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "",
"description": ""
}' /chains/{id} +Get a chain
Auth Required
Responses
{
"id": 0,
"name": null,
"description": null,
"created_at": null,
"updated_at": null,
"member_webhook_ids": []
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/chains/id" \ -H "X-FSWA-Token: your-token"
/chains/{id} +Rename or re-describe a chain
Auth Required
Request Body · required
Responses
{
"id": 0,
"name": null,
"description": null,
"created_at": null,
"updated_at": null,
"member_webhook_ids": []
} example request
curl -X PATCH "https://your-site.com/wp-json/fswa/v1/chains/id" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"name": "",
"description": ""
}' /chains/{id} +Delete a chain
Removes the chain and all its links. Member webhooks remain but lose their chain-link triggers; webhooks left triggerless render as orphans in the admin.
Auth Required
Responses
{
"deleted": false,
"id": 0,
"links_removed": 0
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/chains/id" \ -H "X-FSWA-Token: your-token"
/chains/{id}/links +List chain links
Auth Required
Responses
example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/chains/id/links" \ -H "X-FSWA-Token: your-token"
/chains/{id}/links +Add a source->target link
Wire a webhook so it fires when another webhook succeeds. Save-time cycle detection rejects edges that would create a cycle across any chain (HTTP 409 rest_chain_cycle).
Auth Required
Request Body · required
Responses
{
"id": 0,
"chain_id": 0,
"source_webhook_id": 0,
"target_webhook_id": 0,
"created_at": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/chains/id/links" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"source_webhook_id": 0,
"target_webhook_id": 0
}' /chains/{id}/links/{linkId} +Delete a link
Removes the link and its synthetic fswa_chain_link:N trigger row. If this was the chain's last link, the chain itself is auto-deleted (chain_deleted: true).
Auth Required
Responses
{
"deleted": false,
"id": 0,
"chain_deleted": false
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/chains/id/links/linkId" \ -H "X-FSWA-Token: your-token"
License
Pro 3 endpointsManage the Pro license key. Requires WordPress admin session.
/license +Get license status
Auth Required
Responses
{
"active": false,
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/license" \ -H "X-FSWA-Token: your-token"
/license/activate +Activate a license key
Auth Required
Request Body · required
Responses
{
"active": true,
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/license/activate" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"license_key": "XXXXX-XXXXX-XXXXX-XXXXX"
}' /license/deactivate +Deactivate the license
Removes the local activation and frees the site slot on the license server.
Auth Required
Responses
{
"active": false
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/license/deactivate" \ -H "X-FSWA-Token: your-token"
Pro Settings
Pro 2 endpointsConfigure Pro-only delivery settings: global retry limits and backoff strategy. Requires WordPress admin session.
/pro/settings +Get Pro delivery settings
Auth Required
Responses
{
"global_max_attempts": 5,
"backoff_strategy": "exponential",
"backoff_base_delay": 60,
"backoff_max_delay": 3600
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/pro/settings" \ -H "X-FSWA-Token: your-token"
/pro/settings +Update Pro delivery settings
All fields are optional. Pass `null` to clear a field back to its default (unlimited/disabled).
Auth Required
Request Body · optional
Override the per-webhook max retry attempts for all webhooks. Null = use per-webhook setting.
Retry backoff algorithm. Null = use plugin default.
Base delay in seconds for the backoff calculation. Null = use plugin default.
Maximum delay cap in seconds between retries. Null = use plugin default.
Responses
{
"global_max_attempts": 5,
"backoff_strategy": "exponential",
"backoff_base_delay": 60,
"backoff_max_delay": 3600
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X PUT "https://your-site.com/wp-json/fswa/v1/pro/settings" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"global_max_attempts": 5,
"backoff_strategy": "exponential",
"backoff_base_delay": 60,
"backoff_max_delay": 3600
}' External Cron
Pro 5 endpointsConfigure Uptime Kuma-based external cron (externalcron.com) to replace unreliable WP-Cron. The monitor pings either the FSWA queue processor or wp-cron.php on a fixed interval. Requires an active Pro license and WordPress admin session.
/pro/external-cron/settings +Get External Cron settings
Auth Required
Responses
{
"enabled": false,
"mode": "plugin_endpoint",
"min_interval": 0,
"interval": 60,
"batch_size": 10,
"monitor_id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/pro/external-cron/settings" \ -H "X-FSWA-Token: your-token"
/pro/external-cron/settings +Update External Cron settings
All fields are optional. Changing `mode` updates the Kuma monitor URL. Changing `interval` or `batch_size` updates the Kuma monitor configuration.
Auth Required
Request Body · optional
Seconds between pings. Min 20 (plugin_endpoint) or 60 (wp_cron), max 3600.
Jobs processed per ping (1-100). Only relevant in plugin_endpoint mode.
Responses
{
"enabled": false,
"mode": "plugin_endpoint",
"min_interval": 0,
"interval": 60,
"batch_size": 10,
"monitor_id": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X PUT "https://your-site.com/wp-json/fswa/v1/pro/external-cron/settings" \
-H "X-FSWA-Token: your-token" \
-H "Content-Type: application/json" \
-d '{
"enabled": false,
"mode": "plugin_endpoint",
"interval": 0,
"batch_size": 0
}' /pro/external-cron/stats +Get External Cron monitor stats
Returns recent heartbeat history and uptime statistics from the Uptime Kuma monitor.
Auth Required
Responses
{
"beats": [],
"uptime_24h": null,
"avg_ping": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/pro/external-cron/stats" \ -H "X-FSWA-Token: your-token"
/pro/external-cron/pause +Pause the External Cron monitor
Auth Required
Responses
{
"paused": true
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/pro/external-cron/pause" \ -H "X-FSWA-Token: your-token"
/pro/external-cron/resume +Resume the External Cron monitor
Auth Required
Responses
{
"active": true
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X POST "https://your-site.com/wp-json/fswa/v1/pro/external-cron/resume" \ -H "X-FSWA-Token: your-token"
Activity History
3 endpointsPersistent audit log of every admin and API-token action: webhooks, tokens, settings, logs, queue, schemas, chains, cron, and (Pro) snippets. Each entry captures the actor, action type, affected object, structured old/new diffs, and optional AI prompt/reasoning from `X-FSWA-Prompt` / `X-FSWA-Reason` request headers. Requires `read` scope for listing; `full` scope for bulk delete.
/activity +List activity log entries
Returns paginated activity log entries, newest first. Requires `read` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| page | query | integer | — | default: 1 |
| per_page | query | integer | — | default: 20 |
| action | query | string | — | Filter by exact action string (e.g. `webhook.updated`). |
| action_prefix | query | string | — | Filter by action prefix (e.g. `webhook` matches all webhook actions). |
| user_id | query | integer | — | |
| object_type | query | string | — | |
| object_id | query | integer | — | |
| date_from | query | string | — | Filter from this UTC datetime (format: `YYYY-MM-DD HH:MM:SS`). |
| date_to | query | string | — | Filter until this UTC datetime (format: `YYYY-MM-DD HH:MM:SS`). |
Responses
{
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/activity" \ -H "X-FSWA-Token: your-token"
/activity +Bulk delete activity log entries
Deletes activity log entries older than the specified number of days. Omitting `older_than_days` deletes all entries. Requires `full` scope.
Auth Required
Parameters
| Name | In | Type | Req | Description |
|---|---|---|---|---|
| older_than_days | query | integer | — | Delete entries older than this many days. Omit to delete all entries. |
Responses
{
"deleted": 0
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X DELETE "https://your-site.com/wp-json/fswa/v1/activity" \ -H "X-FSWA-Token: your-token"
/activity/{id} +Get an activity log entry
Returns a single activity log entry by ID. Requires `read` scope.
Auth Required
Responses
{
"id": 0,
"user_id": 0,
"token_id": 0,
"token_hint": "ab12",
"action": "webhook.updated",
"object_type": "webhook"
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} {
"code": "rest_webhook_not_found",
"message": "Webhook not found.",
"data": null
} example request
curl -X GET "https://your-site.com/wp-json/fswa/v1/activity/id" \ -H "X-FSWA-Token: your-token"